Capabilities
Query Tools
| Tool | What It Does |
|---|---|
| Import issues | Fetch security issues from Wiz with severity and status filters |
| Deep link investigation | Instantly investigate a specific Wiz issue from a link |
What Gets Imported
Hiro imports Wiz issues including:- Issue details — ID, status, severity, timestamps
- Resource info — Cloud platform, region, resource type, tags
- Project context — Project name, owners, business unit, risk profile
- Rule information — Security controls, recommendations, compliance frameworks
Action Tools
The Wiz integration is read-only. Hiro can query and analyze Wiz findings but cannot modify issues in Wiz.Setup
Prerequisites
- Wiz account with API access
- Ability to create service accounts in Wiz
Connection Steps
Create a service account in Wiz
In the Wiz console:
- Go to Settings > Service Accounts
- Click Create Service Account
- Name it (e.g., “Hiro Integration”)
- Grant read permissions for issues and projects
- Copy the Client ID and Client Secret
Note your API endpoints
Find your regional endpoints:
| Region | API Endpoint | Auth Endpoint |
|---|---|---|
| US | https://api.us1.app.wiz.io/graphql | https://auth.app.wiz.io/oauth/token |
| EU | https://api.eu1.app.wiz.io/graphql | https://auth.app.wiz.io/oauth/token |
| US Gov | https://api.us2.app.wiz.io/graphql | https://auth.gov.wiz.io/oauth/token |
Connect in Hiro
In Hiro, go to Settings > Integrations:
- Click Connect next to Wiz
- Enter your Client ID and Client Secret
- Enter your API Endpoint and Auth Endpoint
- Click Connect
Deep Linking
Wiz issues are automatically synced to Hiro as detections. Deep linking lets you jump directly from Wiz to the detection in Hiro.How It Works
- Hiro automatically syncs Wiz issues as detections
- From a Wiz issue, click the deep link to Hiro
- You’re taken directly to the detection in Hiro
Deep Link Format
{wiz_issue_id} with the Wiz issue ID.
Use Cases
- Seamless workflow — Click through from Wiz without switching context
- Start investigating — Open Chat or Fight Mode from the detection
- Correlate findings — Cross-reference with Okta, AWS, and other integrations
Investigation Examples
Analyze a Wiz finding
Correlate with identity
Check for related activity
Troubleshooting
”Authentication failed”
- Verify the Client ID and Client Secret are correct
- Check that the service account is still active in Wiz
- Ensure you’re using the correct regional endpoints
”Issue not found”
- The Wiz issue may have been resolved or deleted
- Verify the issue ID is correct
- Check that the service account has permission to view the issue
Deep link not working
- Ensure the Wiz integration is connected in Hiro
- Verify the issue ID format is correct
- Check that you’re logged into Hiro
Next Steps
AWS
Correlate Wiz findings with CloudTrail.
Okta
Check who has access to affected resources.